Tag: Microsoft
Cybersecurity Threat Advisory: Critical Windows kernel vulnerability
A pointer dereference weakness was discovered within the Microsoft Kernel Streaming Service that would allow an attacker to escalate their privileges to SYSTEM without any user interaction being required. Review the details in this Cybersecurity Threat Advisory to learn how...
Cybersecurity Threat Advisory: CRON#TRAP phishing campaign
A new phishing campaign, identified as CRON#TRAP, are targeting Windows systems with a preloaded Linux virtual machine (VM) to evade detection to conduct malicious acts. Continue reading this Cybersecurity Threat Advisory to learn how to protect against this phishing campaign....
Cybersecurity Threat Advisory: Exploited Microsoft zero-day flaw
The hacker group Lazarus recently exploited a patched, zero-day flaw in Microsoft Windows. The vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, is a Bring Your Own Vulnerable Driver (BYOVD) vulnerability for Winsock. Continue reading this Cybersecurity Threat...
Cybersecurity Threat Advisory: Active exploitation of Microsoft vulnerabilities
This Cybersecurity Threat Advisory highlights a new attack technique exploiting vulnerabilities in Microsoft Management Console (MMC). By creating malicious management saved console (MSC) files that appear legitimate, attackers can bypass traditional security measures and exploit the targeted MMC. Barracuda MSP...
Tech Time Warp: The breakthrough against software piracy that wasn’t
In this edition of Tech Time Warp we go back to April 14, 1995, when the Chinese government began widespread efforts to stop its government agencies from using pirated software. The move came after a Feb. 27, 1995, accord agreement...
Tech Time Warp: Don’t take Windows for granted
When was the last time you thought about how easy Windows makes your life? Seriously, though: Now, the ease with which you move from application to application, use keyboard shortcuts, and even resolve crashes with CTRL+ALT+DEL just feels like functionality...
Tech Time Warp: Leap years trip us up every time
Leap day 2024 was not without its technical complications. For instance, for more than 10 hours Thursday in New Zealand, drivers could not pay via credit card at gas pumps. Such problems are all part of the grand tradition of leap years,...
Cybersecurity Threat Advisory: Active exploitation of Microsoft vulnerability
Microsoft announced that a recently disclosed security flaw had been exploited just one day after it released fixes for the vulnerability. CVE-2024-21410, an Exchange Server vulnerability, with a CVSS score of 9.8, allows threat actors to escalate privileges of the...
Cybersecurity Threat Advisory: Increased cyberattacks unveiled
This Cybersecurity Threat Advisory looks at a threat actor who is targeting various private sector entities in Israel. Read the recommendations below to implement a layered security approach to protect against these cyberattacks. What is the threat? Microsoft has unveiled...
Cybersecurity Threat Advisory: Microsoft Sharepoint Server exploit
A proof-of-concept exploit code has surfaced on GitHub for a crucial authentication bypass vulnerability in Microsoft SharePoint Server. The exploit allows attackers to escalate privileges in Microsoft SharePoint Servers. Barracuda MSP recommends reviewing this Cybersecurity Threat Advisory in detail to...